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ComOS 3.3.3 
Release Note 


Introduction 

The new Livingston Enterprises ComOS™ 3.3.3 software release is now available for 
the PortMaster 2, 2E, 2ER, 2R and 25. This release is provided at no charge to all 
Livingston customers. The following document describes the features of the ComOS 
3.3.3 software release and how to upgrade your PortMaster. Upgrade instructions are 
included at the end of this release note. 

WARNING! YOU MUST USE PMINSTALL VERSION 3.3.1 OR LATER TO 
PERFORM THIS UPGRADE! If you are upgrading using PMconsole™ for Windows, 
you must use PMconsole for Windows version 1.1 or later. See "Additional Notes" on 
page 12. If you have any port speeds set to 115200, upgrade to ComOS release 3.3.3, 
and later downgrade to any earlier release you must set the port speeds after 
downgrading. 
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New Features 
ComOS 3.3.3 

ComOS 3.3.3 includes the following new feature: 

For compatibility with the RADIUS™ RFC, Framed-Route attributes delivered from the 
RADIUS server which contain network masks of the type "/xx" no longer create an 
error condition. The PortMaster strips the mask value from the destination address and 
ignores it. 
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ComOS 3 . 3.2 

ComOS 3.3.2 includes the following new features: 

• Support for International ISDN 

• Command to show flash file system 

• Session Termination Cause logging in RADIUS Accounting 

• RADIUS Outbound-User support 

• TCP port number for Login User in RADIUS Accounting 

• Maximum Receive Unit increased to 1520 bytes 

• PAP and CHAP for Dialback PPP users 

• Easier configuration of CHAP for dial-out Locations 

• ChoiceNet™ without RADIUS 

• Set all command made easier 

• Debug off command 

Support for International ISDN 

Support for International ISDN using the MOD-IOI-ST expansion board has been 
added. This is the ISDN 5 BRI expansion card for use in Europe, Japan, and other 
countries using international ISDN standards. See "MOD-IOI-ST LED Behavior" on 
page 12 for LED behavior. New ISDN switch type settings for "set isdn-switch" 
are listed in the following table. 


set isdn-switch 

Used for 

net3 

EuroISDN standard (includes Swiss extensions) 

vn2 

France - Older switch type 

vn3 

France - Older switch type 

vn4 

France - Current National switch type 

ltr6 

Germany - Older switch type 

ntt 

Japan 

kdd 

Japan 


A change in switch type does not take effect until the PortMaster is rebooted. 
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Command to show flash file system 

The "show files" command has been added to display how much of the 128 KB 
flash configuration file system is in use. Output also shows file names. Files are: 


File 

Contents 

confdata 

Extensions to port configurations, etherl, RADIUS 

config 

Global configuration and standard port configurations 

passwd 

User Table 

hosttab 

Host Table 

routes 

Static Routes 

location 

Location Table, except for chat scripts 

script 

Chat Scripts for the Location Table 

snmp 

SNMP 

filters 

IP filters 

listnames 

ChoiceNet list IDs contained in filters 

ipxfilt 

IPX filters 

sapfilt 

SAP filters 

netmasks 

Static Netmask Table 

modem 

Modem Table 


Session Termination Cause logging in RADIUS Accounting 

RADIUS accounting now reports the reason for session termination. In addition, the 
new "set debug termination on" command displays more detailed port 
terminations to the system console as well as sending these messages to syslog. See 
"RADIUS Accounting Terminate Cause" on page 14 for more information on 
termination causes and how to edit the RADIUS dictionary file to take advantage of 
them. (Also available in 3.3.1cl.) 

RADIUS Outbound-User support 

The PortMaster now supports the RADIUS Outbound-User service-type. In addition, 
the PortMaster logs outbound user activity to RADIUS accounting.See "RADIUS for 
Outbound Users" on page 13 for information on using this feature. 

IMPORTANT NOTE: If you are currently using outbound Telnet security with 
RADIUS you must change those entries in your RADIUS users file to use 
Service-Type = Outbound-User when you upgrade to ComOS release 3.3.2. 


New Features 
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TCP port number for Login User in RADIUS Accounting 

The Telnet and Netdata TCP port number is now identified in RADIUS accounting. 
Previously, Login Users sent to a host with Telnet would be identified only as using the 
Telnet service even if they were directed by RADIUS to a TCP port number other than 
23. In ComOS release 3.3.2, if the user is sent to a port other than 23 RADIUS 
accounting reports the TCP port number. This is useful for determining whether the 
user was sent to a special service on the identified host. Accounting records for Login 
Users using the Netdata (TCP-Clear) login service now always include the TCP port 
number. 

Maximum Receive Unit increased to 1520 bytes 

LCP now allows the remote end to request (via a NAK) a maximum receive unit of up 
to 1520 bytes instead of the previous limit of 1500. This accommodates some Multilink 
PPP implementations which use a MRU larger than 1500 bytes. 

PAP and CHAP for Dialback PPP users 

PAP and CHAP authentication support has been added for Dialback PPP users. 

Easier configuration of CHAP for dial-out Locations 

The new command "set location Location_Name chap [ on | off ]"has 
been added to make outbound CHAP authentication easier to configure. When 
"chap on" is set for the location, the PortMaster requires that it be authenticated 
using CHAP on an outbound dial. The username and password entered in the location 
table are used as the "system identifier" and "MD5 secret" in the CHAP authentication. 
Use of this feature eliminates the need to use the sysname and user table 
configurations for CHAP unless the device being dialed to also sometimes dials into 
the PortMaster. The default setting is "chap off". 

ChoiceNet without RADIUS 

ChoiceNet can now be used without RADIUS, using the commands 

"set choicenet Ipaddress" and "set choicenet-secret String". 

Set All command made easier 

The "set all" command no longer affects the W1 port, the P0 parallel port or the new 
CO (PM-2I and PM-2E-10I only) console port. Now it affects only ports SO-29. 

The command "set all network dialin" is now supported. 

Debug off command 

The command "set debug of f" has been added. This command clears all debug 
settings which are currently active in the PortMaster. 
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ComOS 3.3.1 

ComOS 3.3.1 adds the following new features: 

• 5ESS Custom Point-to-Point ISDN Support 

• Ascend Multilink PPP compatibility 

• Data over voice for both inbound and outbound ISDN connections 

• AT strings for more user control for outbound ISDN dialing 

• Console now ignores modem type and autolog 

• Iroot login on serial ports can be disabled 

• Non-printing characters allowed in passwords 

• RADIUS Accounting records signed 

• Port Type included in RADIUS Authorization and Accounting 

• Input and output octet counters in RADIUS Accounting 

• RFC 1877 support added so clients can learn their DNS server from PortMaster 

• Location Table entries made simpler and easier 

5ESS Custom Point-to-Point ISDN Support 

5ESS Custom Point-to-Point ISDN Support has been added. 

PMconsole™ 3.3 does not support the 5ess-ptp switch type, so if you are using 5ESS 
Point-to-Point you must set the switch type from the command line as follows: 

set isdn-switch 5ess-ptp 

save all 

reboot 

Ascend. Multilink PPP compatibility 

Compatibility with Ascend's version of Multilink PPP has been added. 

Data over voice for both inbound and outbound ISDN connections 

Data over voice is now supported for both inbound and outbound ISDN connections. 
The PortMaster automatically accepts voice calls inbound and treats them as data calls. 
Outbound, setting the voice attribute in the location table with "set Locati on_Name 
voice on" forces a voice call. In outbound asynchronous mode, the AT&N55 
command forces a voice call. 

AT strings for more user control for outbound ISDN dialing 

In asynchronous ISDN mode new AT strings have been added to allow more user 
control when performing outbound dialing. Specifically the new strings are: 

&N55 Perform an outbound call using data over Voice (a Voice call is originated). 
&N56 Perform an outbound call using a 56000 data connection. 

&N64 Perform an outbound call using a 64000 data connection. 

&N0 Attempt to autodetect the available data service (64000 or 56000) 


New Features 


5 





ComOS 3.3.3 Release Note 


Console now ignores modem type 

When the console diagnostic switch is up, the PortMaster no longer attempts to 
configure the modem specified for the console port. This allows a terminal to be more 
easily attached to the console for debugging purposes when a modem was previously 
attached. Any autolog setting on SO is now ignored if the console diagnostic switch is 
up. 

hoot login on serial ports can be disabled 

The command "set serial-admin of f" disables !root logins on the serial ports. 
!root can still login on port SO if the console dip switch is up. 

Non-printing characters allowed in passwords 

Support has been added to allow the entry of non-printing characters in the login 
password field. 

RADIUS Accounting records signed 

RADIUS accounting has been extended to deliver signed accounting records for 
verification of authenticity as per the current RADIUS Internet-Draft. 

Port Type included in RADIUS Authorization and Accounting 

RADIUS accounting and authorization has been extended. The new NAS-Port-Type is 
now included in Access Requests and Accounting Requests. This allows administrators 
to know definitively whether a user is attempting a session on an asynchronous port, 
an ISDN port, or a synchronous port. 

Input and output octet counters in RADIUS Accounting 

RADIUS accounting has been extended to include input and output bytes counts in the 
RADIUS Stop records. 

RFC 1877 support added so clients can learn their DNS server from 
PortMaster 

Support for RFC 1877 has been added. This allows hosts which support RFC 1877 to 
leam their DNS (and other servers) through the PPP protocol negotiation. Use the 
"set nameserver Ipaddress" command on the PortMaster to set the nameserver 
that the PortMaster tells the host about. You can set an alternate name server with 
"set nameserver 2 Ipaddress". 

Location Table entries made simpler and easier 

New location table entries now default to PPP and its associated configuration 
parameters to simplify data entry for the most common types of dial locations. 

Automatic location table scripting has been implemented. Instead of requiring the 
administrator to enter a V.25bis or AT style send/expect dial script, they can simply 
enter the telephone number, user name, and password to use when dialing to a remote 
location. 
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The following commands have been added to support this: 

set location Location_Name telephone 8005551212 
set location Location_Name username PPP_PAP_username 
set location Location_Name password PPP_PAP_password 

ComOS 3.3 

ComOS 3.3 includes the following new features: 

• ISDN Basic Rate Interface (BRI) support 

• Multilink PPP on ISDN 

• Multilink V.120 on ISDN 

• Dynamic loadable software modules for memory management 

• ARP entries cleared on Frame Relay 

• Require PAP option 

• Per user port limit for Multilink PPP and Multilink V.120 

• Per user idle timeouts 

• Per user session time limits 

• IP numbered interfaces through User Table 

• BOOTP support 

• Called-Station-Id and Calling-Station-Id for RADIUS accounting 

• RADIUS accounting sends notification of PortMaster boot 

• Outbound PAP authentication 

• Increase in active interfaces 

ISDN Basic Rate Interface (BRI) support 

ISDN basic rate interface support has been added. This release added full support for 
the new MOD-IOI-U ISDN expansion boards available for the PortMaster 2E and 2ER. 
Consult the "Installing the MOD-IOI-U ISDN Expansion Board" release note for a full 
list of supported capabilities. 

See "ISDN Basic Rate Interface (BRI) support" on page 22 for instructions on 
configuring the PortMaster 2E to use the MOD-IOI-U ISDN expansion board. 

Multilink PPP on ISDN 

Multilink PPP (MP) is now supported on ISDN interfaces. This is supported 
concurrently with the Livingston Multi-line Load Balancing. The PortMaster 
automatically detects and accepts both Multi-line Load Balancing and Multilink PPP 
connections. Outbound, the PortMaster can be set to use Multilink PPP via the 
Location Table by using the "set location Location_Name multilink on" 
command. 


New Features 
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Multilink V.120 on ISDN 

Implemented Multilink V.120 on ISDN interfaces. This allows the Livingston 
PowerLinkl28 ISDN Modem to make 128Kbps connections to the PortMaster. Second 
connections generate PowerLinkl28 RADIUS Accounting records. 

Dynamic loadable software modules for memory management 

Memory management has been improved and Dynamic Load modules have been 
implemented. Device drivers now only load if the specific device is present in the 
PortMaster (i.e. sync port or ISDN). In addition if SNMP or IPX are not needed they 
can be disabled to save memory. The commands "set ipx of f" and "set snmp 
off" cause the modules to not load. Any device drivers or subsystems not needed 
provide additional operational memory for the PortMaster. See the memory guidelines 
below for PortMaster memory requirements. 

IMPORTANT - to use IPX, you must now use the "set ipx on" command. If you are 
upgrading from a previous release and had IPX configured, it defaults to “on" in this 
release. When turning IPX or SNMP off, you must do a "save all" and reboot the 
PortMaster before the change takes effect. 

ARP entries cleared on Frame Relay 

ARP entries are now cleared on Frame Relay interfaces when LMI stops reporting the 
DLCI. This eliminates packet traffic on PVC's which have been disabled. 

Require PAP option 

The support for Challenge Handshake Authentication Protocol (CHAP) can now be 
disabled. Administrators who do not wish to support inbound CHAP authentication 
can now use the command "set chap off" to disable it. If CHAP is disabled, the 
only authentication supported is PAP or simple usemame/password login. It is 
recommended that this form of authentication use more advanced security subsystems 
like one-time password smart cards. 

Per user port limit for Multilink PPP and Multilink V.120 

Implemented Port Limits on a per user basis, only for Multilink V.120 and Multilink 
PPP users. If left unconfigured, port limits are not imposed, and Multilink V.120 and 
Multilink PPP sessions are allowed. If a port limit is set, the user is limited to that 
number of ports on the PortMaster for Multilink V.120 and Multilink PPP only. The 
command to do so is "set user Username maxports Number" . This can be 
specified as part of the new RADIUS Port-Limit attribute. 

Per user idle timeouts 

Implemented idle timeouts on a per user basis. Idle timeouts can be set in the User 
Table or can be provided as part of the new RADIUS Idle-Timeout attribute. To set 
them in the User Table use the "set user Username idle Minutes " command. 
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Per user session time limits 

Implemented session limits from the User Table or RADIUS. If RADIUS returns a 
session time limit using the new Session-Timeout attribute, the user is automatically 
disconnected when the time limit is exceeded. To set a session limit in the User Table 
use the "set user Username session-limit Minutes" command. 

IP numbered interfaces through the User Table 

Implemented IP numbered interfaces for network users through the User Table. By 
using the "set user Username local-ip-address IPaddress" command, the 
PortMaster uses the local-ip-address as its IP address to the serial interface. This 
function is not available in RADIUS. 

BOOTP support 

BOOTP Support has been added. Clients dialing into the PortMaster can now make 
BOOTP requests to determine IP address. Subnet Mask, Default Gateway, DNS server, 
and Domain Name. The PortMaster only responds to BOOTP requests on its serial or 
ISDN lines. 

Called-Station-Id and Calling-Station-Id for RADIUS accounting 

RADIUS Accounting has been extended to provide Called-Station-Id and 
Calling-Station-Id on ISDN dial-up connections (where provided by the ISDN carrier). 
These attributes can be used to differentiate ISDN calls from analog calls and to track 
origination of ISDN calls. 

RADIUS accounting sends notification of PortMaster boot 

The PortMaster logs a Start record with no Username to the RADIUS accounting server 
at boot time. 

Outbound PAP authentication 

Outbound PAP authentication is now supported. The PortMaster previously required 
the remote end to authenticate with CHAP. Now, by specifying a PAP username and 
Password in the Location Table dial script, the PortMaster can be authenticated by the 
remote end using PAP. This is done by setting the Send String in the last line of the dial 
script to contain the PAP information. The command is: 

set location Location_Name script Number "= PAP= User/Password" 

This authenticates using PAP as user User with password Password. ComOS 3.3.1 has 
an even simpler method of specifying PAP authentication in the location table. 

Increase in active interfaces 

The ceiling on maximum active interfaces has been raised from 100 to 500 when more 
than 1MB of memory is found. 


New Features 
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Bug Fixes 

ComOS 3.3.3 

Basic rate ISDN lines using switch type 5ESS point-to-point (5ESS-PTP) now establish 
LAPD sessions on their D channels immediately after system startup. This allows some 
hunt group provisioning to work properly. 

ISDN ports configured for "host prompt" now accept synchronous PPP connections. 

When dialing from one PortMaster to another using the V.120 protocol, users 
occasionally would not receive a login prompt until they pressed the Enter key. This 
problem has been fixed. 

ISDN calls made using French switch type VN4 now pass their called telephone 
number using the "unnumbered" plan. This increases compatibility with some 
switches. 

Calls rejected due to service incompatibility now provide proper cause codes to the 
switch. 

A larger number of processes are now supported on the PM-2. This is required at boot 
time on a fully loaded PM-2E with 15 ISDN BRI ports. 

The PortMaster occasionally rebooted while auto-detecting asynchronous PPP sessions. 
This problem has been fixed. 

If a RADIUS server sent an Access-Challenge to users being authenticated with PAP 
the PortMaster incorrectly treated it as an ACK. This has been fixed. An 
Access-Challenge received for a PAP user is now treated as a NAK. 

ComOS 3.3.2 

The following bugs have been fixed in ComOS 3.3.2. 

PM-2ER WAN port lockup fixed 

The W1 lockup problem on the PM-2ER has been fixed. Previously, from every few 
days to every few weeks the W1 port on the PM-2ER would stop transmitting packets 
and would recover after some amount of time or after a port reset. This software bug 
has been fixed. (Also available in 3.3.1cl.) 

MOD-IOI-U port S14-15 lockup fixed 

In some cases, one of the middle BRI ports (S14-15 or S24-25) on the MOD-IOI-U ISDN 
expansion card would stop functioning and require a reboot of the PortMaster to 
re-enable. This has been fixed. 

Zero Length Filters are now ignored 

Zero length filters applied to Ethernet interfaces are now treated as permit filters. That 
is, if a filter has no rules at all it now permits everything through. If it has one or more 
rules then anything not explicitly permitted by a rule is denied at the end of the filter. 
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Ports using ChoiceNet can be reset safely 

Previously, resetting or disconnecting a port which is waiting for ChoiceNet to upload 
a dynamic packet filter would cause the PortMaster to reboot. This has been fixed; 
ports can now be reset without causing a problem. 

State Attribute cleared properly 

Previously the RADIUS State attribute could be inadvertently retained between login 
sessions, displaying the wrong RADIUS menu when users logged on. This has been 
fixed. (RADIUS menus are supported in the RADIUS 2.0 server, to be released later.) 

Too-long Filter-Id Attributes now truncate 

Previously, a RADIUS Filter-Id attribute longer than 12 characters for PPP users would 
cause the PortMaster to reboot. This has been fixed. A Filter-Id longer than 12 
characters is now truncated to 12 characters before appending the ".in" and ".out" to 
the filter name. 

Host Prompt now works over ISDN 

Previously an ISDN port set for host prompt would not echo characters back to the 
user. This has been fixed. 

Location username now deletes properly 

Previously, adding a username to a location, deleting the location, and adding the 
location again would bring back the username entry. The username is now properly 
deleted when the location is deleted. 

Extraneous console message removed 

If a user dials in and negotiates IPX while the console is set, the console gets a burst of 
"e_getpacket: no packet available" messages at the end of negotiations. These are 
harmless, but have been removed. 

Commands fixed 

The usage statement for ptrace has been fixed. 

Previously, only the command "save host" would save the PortMaster Hosts Table. 
The plural form "save hosts" is now supported as well. 

ComOS 3.3.1 

"No Circuit Available" on ISDN lines has been fixed. In some cases a call was not being 
completely disconnected even though the PortMaster thought the disconnect had 
completed. In this case additional attempts to dial out would fail because a new circuit 
was not actually available. The PortMaster now fully cleans these connections up. 

Occasionally the message "mwac.cmd: ISDN command timeout - ip0<0200, 8014>" 
would be displayed on the PortMaster console. At this point ISDN traffic would cease 
until rebooting. This has been fixed. 


Bug Fixes 
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Some PPP packets would fail to transmit over ISDN with the message 
"remote_slifrecv: Limited expansion room - packet lost" being displayed on the 
console. This has been fixed. 

Release 3.3 introduced a bug in which duplicate IP addresses would be assigned to 
multiple users. This typically happened if the port was configured as a host prompt 
port with network dial-in disabled and a network connection was started by PPP 
autodetect or entering "ppp" at the host prompt. All additional PPP users coming in on 
other ports with the same configuration would receive the same IP address. In some 
cases this problem occurred with other configurations. This has been fixed. NOTE: 
Users should verify that ports which they want to allow PPP connections to be 
established from the "host:" prompt have network dial-in enabled. 

Multiple simultaneous outbound dialing over ISDN has been fixed. Previously if 
multiple outbound dial attempts were initiated within 200ms of each other, the second 
dial attempt would be lost and the second outbound dial would never complete. 

ComOS 3.3 

The PortMaster no longer loses track of IP addresses it provided as assigned address 
from the pool. This bug caused the PortMaster to start giving out address 0.0.0.0 to 
dial-in hosts because it is out of addresses. 

Users which have initiated a PPP connection using PPP autodetect and get 
authenticated and authorized as a SLIP user are now properly handled. Service is 
denied and the PortMaster cleans up the session. Previously a variety of symptoms 
would be experienced causing an incorrect active configuration. 

The correct active user is retained for ports configured for host prompt. 

Serial port spurious interrupt handling has been extended to include detecting streams 
of framing errors. Some modems get confused about their configuration and begin 
sending continuous data to the PortMaster at a baud rate different than set on the 
PortMaster. This would cause all operation on the PortMaster to appear stopped for 
several minutes to several hours. The PortMaster now attempts to reset the modem 
and continues to operate properly even if the modem does not recover. 


Additional Notes 
ComOS 3.3.2 

MOD-IOI-STLED Behavior 

When you first turn power on, each BRI status LED on the MOD-IOI-ST expansion card 
blinks twice a second for up to ten seconds while the board is performing a self-test. If 
the BRI synchronizes with the attached NT1 and switch the LED turns solid. If it fails 
to synchronize the LED stays off, except that if a Directory Number is set on the port, 
the LED flashes on briefly once every five seconds as the PortMaster tries to activate 
the BRI. If no Directory Number is set, the LED stays off. If the Directory Number is set 
and you plug in the RJ-45 from the NT1, at the next 5-second flash the LED comes on 
and stays on, or if the switch tries to activate the BRI the LED goes on. If the 
PortMaster tries to dial out and finds the BRI has been inactivated, the LED goes off. 
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RADIUS for Outbound Users 

RADIUS on the PortMaster now supports Service-Type = Outbound-User, used to 
authenticate users gaining outbound access to network device ports. 

If you do not have any ports set to "device /dev/network" or "twoway 
/dev/network" you can ignore this entire section, it does not apply to you. If you do 
have any ports set to "device /dev/network" or "twoway /dev/network" and have 
been using RADIUS to authenticate outbound users, you should read this section 
carefully and understand it completely before upgrading to this release, because things 
will work differently after the upgrade. 

In ComOS release 3.3.1 and earlier, to allow users to access the modems for outbound 
dialing across your network but require a password for such access, you set the port 
up like this (after first moving your telnet administration port to something other than 
23 with a command like "set telnet 24"): 

set si device /dev/network 

set si service_device telnet 10000 

save si 

reset si 

And then set up a user like this in the PortMaster User Table, 
add user fred 

set user fred password What4ever 

set user fred service telnet 10000 

set user fred host <PortMaster etherO IP address> 

save user 

A user can then telnet to the PortMaster at the usual telnet port of 23, get a login 
prompt, enter "fred", get a password prompt, enter "What4ever", and would be 
connected to the device connected to port si, typically a modem. You can pool multiple 
ports together by setting their service device telnet port to the same number. Any port 
number between 10000 and 10100 has this special property. 

In ComOS 3.3.2 and later (3.4.2L and later on the Office Router, 3.4.2R and later on the 

TM 

IRX ) this behavior has changed. In 3.3.2, you set up the port the same way as before, 
but now when the user telnets to port 23 and gives his username and password, the 
PortMaster first checks the local User Table, as it did before. If the user is not found in 
the local User Table and the PortMaster is configured to use a RADIUS server, the 
PortMaster sends a RADIUS Access-Request to the RADIUS server with the hint that 
Service-Type (6) = Outbound-User (5). 

If the PortMaster receives back an Access-Accept from the RADIUS server with 
Service-Type = Outbound-User, it allows the user to connect to the port. Check your 
/etc/raddb/dictionary file for the exact spelling of attribute 6 and value 5. 

An example entry in the /etc/raddb/users file for an Outbound-User follows: 

fred Password = "What4ever", Service-Type = Outbound-User 

Service-Type = Outbound-User, 

Login-Service = Telnet, 

Login-TCP-Port = 10000 


Additional Notes 
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Note that the user file can only have one entry named "fred". If fred is already used in 
the RADIUS users file as a different kind of user, you must use a different username to 
dial out with. RADIUS 2.0 will make this easier. 

RADIUS Accounting Terminate Cause 

Release 3.3.2 has added support for the RADIUS Accounting Acct-Terminate-Cause 
attribute to provide information on the cause of session termination. In addition, if 
termination debugging is turned on using the "set debug termination on" 
command, additional termination information is sent to syslog (auth.info) and the 
system console. 

Before upgrading the PortMaster, update your /etc/raddb/dictionary file by 
adding the following lines, kill your radiusd and restart it. An updated dictionary file 
is available at ftp://ftp.livingston.com/pub/le/radius/dictionary. 


ATTRIBUTE 

Acct-Terminate-Cause 

49 

integer 

VALUE 

Acct-Terminate-Cause 

User-Request 

1 

VALUE 

Acct-Terminate-Cause 

Lost-Carrier 

2 

VALUE 

Acct-Terminate-Cause 

Lost-Service 

3 

VALUE 

Acct-Terminate-Cause 

Idle-Timeout 

4 

VALUE 

Acct-Terminate-Cause 

Session-Timeout 

5 

VALUE 

Acct-Terminate-Cause 

Admin-Reset 

6 

VALUE 

Acct-Terminate-Cause 

Admin-Reboot 

7 

VALUE 

Acct-Terminate-Cause 

Port-Error 

8 

VALUE 

Acct-Terminate-Cause 

NAS-Error 

9 

VALUE 

Acct-Terminate-Cause 

NAS-Request 

10 

VALUE 

Acct-Terminate-Cause 

NAS-Reboot 

11 

VALUE 

Acct-Terminate-Cause 

Port-Unneeded 

12 

VALUE 

Acct-Terminate-Cause 

Port-Preempted 

13 

VALUE 

Acct-Terminate-Cause 

Port-Suspended 

14 

VALUE 

Ac c t-Terminate-Cause 

Service-Unavailable 

15 

VALUE 

Acc t-Terminate-Cause 

Callback 

16 

VALUE 

Acct-Terminate-Cause 

User-Error 

17 

VALUE 

Acct-Terminate-Cause 

Host-Request 

18 


The following simple script produces a list of termination causes seen. Note that this 
script does not remove duplicates, so it provides only an approximate count. 


cat /var/adm/radacct/*/detail | grep Acct-Terminate-Cause | \ 
sort | uniq -c 
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Here are the syslog messages and their meanings. Where a message would also go to 
RADIUS Accounting, the Acct-Terminate-Cause is included in the syslog message 
before the dash. In normal operation you would expect to see User-Request, 
Host-Request, and Lost-Carrier, although Lost-Carrier can be caused by the user 
hanging up his end of the connection or by line or modem problems. 

Admin Reset 

Port was reset by administrator. Also sent to RADIUS Accounting if a session was 
active on the port. 

Callback 

Callback User is disconnected so the port can be used to call user back. 

Cause Unknown 

Contact Livingston Technical Support. 

Host Request - PMD 

Disconnected or logged out from host using in.pmd service. This can mean either 
normal termination of a login session, or the remote host has crashed or become 
unreachable. Also sent to RADIUS Accounting. 

Host Request 

Disconnected or logged out from host. This can mean either normal termination of a 
login session, or the remote host has crashed or become unreachable. Also sent to 
RADIUS Accounting. 

Idle Timeout 

Idle timer expired for user or port. Also sent to RADIUS Accounting. 

Login Timeout 

The login:, password:, or host: prompt is set to timeout after five minutes with no input 
and has done so. 

Lost Qarrjer 

Session terminated when modem dropped DCD. This can either mean the user or his 
modem hung up the phone from their end, in which case there is no problem, or can 
mean that the line was dropped or took a noise hit too severe for the modems to 
recover from, or can mean that the local modem dropped DCD for some other reason. 
Also sent to RADIUS Accounting. 

Lost Service - Interface Down 

Contact Livingston Technical Support. 

Lost Service - Interface Error 

Contact Livingston Technical Support. 
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Lost Service - Invalid Network Handle 

Contact Livingston Technical Support. 

Lost Service - LMI 

A Frame Relay interface missed six consecutive LMI replies. 

Lost Service - No netbufs 

No netbufs are available for service. Contact Livingston Technical Support. 

NAS Error - PPP Unknown State 

The PortMaster could not determine state of PPP. Contact Livingston Technical 
Support. 

NAS Request - Modem Config Complete 

The Modem table entry has finished initializing the modem attached to the port. 

NAS Request - PPP Maximum Retransmissions 

PPP negotiations failed after the PortMaster sent 10 configuration requests. This is 
caused by a configuration error on the client, PortMaster, or RADIUS user entry. 

No Event Identified 

Contact Livingston Technical Support. 

Port Error - PPP Couldrrt Send 

The PortMaster could not send PPP negotiation. Check that the port and modems at 
both ends are properly configured for hardware flow control (RTS/CTS); if the problem 
still occurs, contact Livingston Technical Support. 

Port Error - EEE Loop. Detect 

The PortMaster saw its own Magic Number in an LCP Configuration Request. The two 
most likely causes are either that our modem is in echo mode or that we dialed into a 
UNIX system and it is echoing our packets back to us. In the former case, correct the 
configuration in the modem. In the latter case, change the chat script in the location 
table entry on the PortMaster to expect instead of "PPP". 

Port Error - Spurious Internets 

Attached device is causing too many interrupts, so the PortMaster reset the port. Also 
sent to RADIUS Accounting if a session was active on the port. 

Port Error - Unknown State 

Contact Livingston Technical Support. 
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Port Error - Wrong, Type 

Port is configured for login users only and a network user is trying to log in, or vice 
versa. To configure ports appropriately: 


set all login 

set all network dialin 

set all login network dialin 


Login users only 
Network users only 
Both 


Service Unavailable - Access Denied 

The port Access Filter does not permit connection to requested host. If you get this 
message and you wish to allow a connection to the host: 

1. If you did not intend to use an access filter, remove the ifilter from the port with 
"set Port ifilter" 

2. If you are using an access filter, check your filter rules. 

Service Unavailable - Auth Failed 

Three attempts by the user to authenticate at the login: prompt have failed, so the user 
is disconnected. 

Service UnamikMi. z Device 

Port is set for host device but in.pmd or the pseudo-tty configured is unavailable. This 
gets logged once per second until the situation is corrected. 

Service Unavailable - Host 

Login session was unable to connect to host. The most common cause is that the host is 
down or refusing connections or not running in.pmd or rlogind. 

Service Unavailable - PPP Auth Failed 

Contact Livingston Technical Support. 

Service Unavailable - PPP CHAP Auth Failed 

The user's PPP CHAP authentication failed. 

Service Unavailable - PPP No Protocol 

Neither IP nor IPX was negotiated for PPP, so no service can be provided. This is a 
configuration error for either the dial-in client or the user entry. 

Service Unavailable - PPP Outbound PAP Auth Failed 

PortMaster dialed out to another site and was being authenticated by PAP but failed, 
so the PortMaster is hanging up. (Note that if we are authenticated by CHAP and fail, 
it is the responsibility of the other end to hang up.) 

Service Unavailable - PPP PAP Auth Failed 

The user's PPP PAP authentication failed. 
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Session Timeout 

Session timer expired for user. Also sent to RADIUS Accounting. 

User Error - PPP LCP Protocol Reject 

The PortMaster received a LCP Protocol Reject. This should never happen; it indicates 
there is a bug in the software of the remote system since the remote system is claiming 
it does not support LCP. 

User Error - PPP NCP Active to Reply 

PortMaster received a PPP Configuration ACK when a session was already established, 
so it terminated the session. This is caused by a PPP implementation error in the 
dial-in client. Also sent to RADIUS Accounting. 

User Error - PPP NCP Active to Request 

PortMaster received a PPP Configuration Request when a session was already 
established, so it terminated the session. This is caused by a PPP implementation error 
in the dial-in client. Also sent to RADIUS Accounting. 

User Request - Admin Quit 

Quit command issued from the command line interface. 

User Request - PPP Term Ack 

Dial-in client requested that we terminate immediately without sending an 
acknowledgment. This message is expected from a proper PPP client termination. Also 
sent to RADIUS Accounting. 

User Request - PPP Term Reg 

Dial-in client requested that we send a Termination ACK and then terminate. This 
message is expected from a proper PPP client termination. Also sent to RADIUS 
Accounting. 

ComOS 3.3.1 

ISDN Basic Rate Interface (BRI) support 

ComOS 3.3 adds support for Livingston's new 5 BRI ISDN card. Up to two ISDN cards, 
in addition to a 10-port 115.2 Kbps asynchronous card, are supported in the PortMaster 
2E or 2ER. 

PortMasters support dial-on-demand ISDN connections using BRI ports and the PPP 
protocol. Each BRI supports two 64 Kbps B channels for data and one 16 Kbps D 
channel for signaling. Multiple lines can be used to increase bandwidth, either using 
Multilink PPP, as defined by RFC 1717, or using Livingston's Multi-line Load 
Balancing. ISDN BRI ports are easier to configure than asynchronous or synchronous 
ports because the NT1 is integrated in the port. No modem, CSU/DSU, or external 
terminal adapter is required. 


18 


ComOS 3.3.3 













ComOS 3.3.3 Release Note 


ISDN ports can also be used to do anything that an asynchronous port can be used for 
except network hardwired. Async or sync usage is autodetected. 56K or 64K speeds are 
also autodetected. The ISDN ports support synchronous PPP and asynchronous V.120 
PPP or SLIP. 

ISDN connections can be initiated on an as-needed basis or they can remain active all 
the time. A dial-out location must be specified in the Location Table for dial-out 
connections and a dial-in user must be specified in the User Table or RADIUS for dial- 
in connections. 

CHAP is available for dial-in or dial-out authentication. PAP is available for dial-in 
authentication, and is available for dial-out authentication if the =PAP= Send string is 
used in the V.25bis dialing script. 

The following commands have been added to configure ISDN: 

set isdn-switch ni-1|dms-100|5ess|5ess-ptp 

set Port spid Number 

set Port directory Number 

See "Configuring ISDN" for more information on the ISDN commands. 

Any 64K ISDN B-channel port can be used as a dial-out ISDN modem. A user can 
telnet to a ISDN port and then execute a Hayes AT dialing command to connect to a 
remote ISDN PortMaster, PortMaster ISDN Office Router, or external ISDN modem. 

The PortMaster responds to any "AT" command which is not specifically a dial 
command with an "OK". That way, attempts to set S registers, flow control, or other 
things needed by analog modems are accepted by the PortMaster but ignored. This 
allows existing configured dialer software to be used with the PortMaster ISDN port 
without any changes. 

The "AT&N56" command sets the port for 56K operation for this dialout, and the 
"AT&N64" command sets the port for 64K. The "AT&NO" command attempts to 
autodetect the available data service, either 56000 or 64000. The "AT&N55" command 
performs an outbound call using data over voice. 

A dial command can be ATDT, ATD or ATDP followed by the phone number. Phone 
numbers can have dashes "-", commas "," or digits in them, ending with a carriage 
return. Since ISDN does not require pauses in dialing, commas in the phone number 
are accepted but ignored. 

Configuring ISDN 

Only three additional things need to be configured on the PortMaster to permit ISDN 
service. They are: the ISDN Switch type, a Service Profile Identifier (SPID) for each 
ISDN port, and a directory number(DN) for each ISDN port. All three can be 
configured from PMconsole 3.3 or from the command line interface. To display ISDN 
debug information on the console, use the commands: 

show isdn 

set console 

set debug isdn on 
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To turn off debugging use the commands: 

set debug isdn off 
reset console 

ISDN Switch Type 

The ISDN Switch Type can be set to one of four values. Your telephone company can 
tell you which type its switch is: National ISDN-1 (NI-1), Northern Telecom DMS-100 
Custom, AT&T 5ESS Custom Multi-Point, or AT&T 5ESS Custom Point-to-Point. If they 
have a DMS-100 or 5ESS switch that uses National ISDN-1, treat that as NI-1. 

Use one of the following commands to set the switch type. The default is NI-1. If you 
change the switch type after setting a SPID on a port you must reboot the PortMaster 
for the change to take effect. 


set 

isdn-switch 

ni-1 

set 

isdn-switch 

dms-100 

set 

isdn-switch 

5ess 

set 

isdn-switch 

5ess-ptp 


PMconsole 3.3 does not support the 5ess-ptp switch type, so if you are using 5ESS 
Point-to-Point you must set the switch type from the command line. 

SPID 

The Service Profile Identifier (SPID) is a number up to 20 digits long set for each port, 
which identifies the port to the telephone company. The telephone company can 
provide you with the SPIDs for each line. If the spid is invalid, "set debug isdn 
on" can reveal that. An example command is: 

set slO spid 1510555121200 

Directory. Number 

If you set the Directory Number, then an incoming call must match this number to 
determine which port the call is taken on. It is a 10-digit phone number provided by 
the telephone company. Either of the following commands are accepted: 

set slO dn 5105551111 

set slO directory 5105551111 

Other port configuration 

ISDN ports are simpler to configure than asynchronous ports. You never set modem 
control (carrier detect), flow control or speed on an ISDN port. The PortMaster senses 
the speed and sets the port to 64000 or 56000 accordingly, flow control isn't needed on 
a synchronous line since clock is provided by the telephone company, and carrier 
detect is always used. Refer to the Communications Server Hardware Installation Guide for 
information on ISDN LED activity. 

The ports support both sync and async PPP (V.120). The show port command 
displays 64000/async if async PPP is in use. The port can be configured for anything 
an async port can be configured for, except that network hardwired is not supported. 

When using the ISDN port for network dial-out, the dial-out location should use a 
V.25bis script and authenticate using CHAP, but PAP is also available. 
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Here is a table for what show port displays according to port status: 


Port Status 

Modem Status 


Description . 

NO-SERVICE 

DCD- 

CTS- 

TELCO- 

NTl- 

No SPID set 

NO-SERVICE 

DCD- 

CTS- 

TELCO- 

NT1 + 

No cable or no circuit to 

Telephone Company 

NO-SERVICE 

DCD- 

CTS+ 

TELCO+ 

NT1+ 

Cable and ISDN circuit OK but 
SPID not registered 

IDLE 

DCD- 

CTS+ 

TELCO+ 

NT1+ 

SPID registered and ready to use 

ESTABLISHED 

DCD- 

CTS+ 

TELCO+ 

NT1 + 

Connecting or providing device 
service but no carrier sensed 

ESTABLISHED 

DCD+ 

CTS+ 

TELCO+ 

NT1 + 

Connected 

ESTABLISHED 

DCD+ 

CTS- 

TELCO+ 

NT1+ 

Connected with V.120 async but 
flow controlled by other end 


New RADIUS Attributes 

To use the new RADIUS attributes with RADIUS 1.16, upgrade your PortMaster to 
ComOS 3.3.1 as described below, add the following lines to your 
/etc/raddb/dictionary file, kill your radiusd daemon and restart it. 


ATTRIBUTE 

Session-Timeout 

27 

integer 

ATTRIBUTE 

Idle-Timeout 

28 

integer 

ATTRIBUTE 

Called-Station-Id 

30 

string 

ATTRIBUTE 

Calling-Station-Id 

31 

string 

ATTRIBUTE 

Acct-Input-Octets 

42 

integer 

ATTRIBUTE 

Acct-Output-Octets 

43 

integer 

ATTRIBUTE 

NAS-Port-Type 

61 

integer 

ATTRIBUTE 

Port-Limit 

62 

integer 

VALUE 

NAS-Port-Type 

Async 

0 

VALUE 

NAS-Port-Type 

Sync 

1 

VALUE 

NAS-Port-Type 

ISDN 

2 

VALUE 

NAS-Port-Type 

ISDN-VI20 

3 

VALUE 

NAS-Port-Type 

ISDN-VI10 

4 


Idle-Timeout is expressed in seconds but is rounded to a minute boundary, and can be 
any value from 120 (2 minutes) to 14400 (4 hours). Session-Timeout is expressed in 
seconds but is rounded to a minute, and can be up to a year long. Note that Port-Limit 
only works with certain types of users; see the New Features section above for 
restrictions. 

Here is an example /etc/raddb/users entry for a network user that is authenticated 
using a login script or PAP using her password from the UNIX /etc/passwd file, and 
uses PPP with an address assigned from the PortMaster's dynamic address assignment 
pool. She is only allowed to connect once concurrently per PortMaster. After 10 
minutes (600 seconds) of idle time without any traffic she is disconnected. After 2 
hours (7200 seconds) elapsed time she is disconnected regardless of what she's doing. 
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# 

# Example PPP user, address Assigned by PortMaster 

# 

pam Password = "UNIX" 

User-Service-Type = Framed-User, 

Framed-Protocol = PPP, 

Framed-Address = 255.255.255.254, 

Framed-MTU = 1500, 

Idle-Timeout = 600, 

Session-Timeout = 7200, 

Port-Limit = 1 

ISDN Basic Rate Interface (BRI) support 

ComOS 3.3 adds support for Livingston's new 5 BRI ISDN card. Up to two ISDN cards, 
in addition to a 10-port 115.2 Kbps asynchronous card, are supported in the PortMaster 
2E or 2ER. 

PortMasters support dial-on-demand ISDN connections using BRI ports and the PPP 
protocol. Each BRI supports two 64 Kbps B channels for data and one 16 Kbps D 
channel for signaling. Multiple lines can be used to increase bandwidth, either using 
Multilink PPP, as defined by RFC 1717, or using Livingston's Multi-line Load 
Balancing. ISDN BRI ports are easier to configure than asynchronous or synchronous 
ports because the NT1 is integrated in the port. No modem, CSU/DSU, or external 
terminal adapter is required. 

ISDN ports can also be used to do anything that an asynchronous port can be used for 
except network hardwired. Async or sync usage is autodetected. 56K or 64K speeds are 
also autodetected. The ISDN ports support synchronous PPP and asynchronous V.120 
PPP or SLIP. 

ISDN connections can be initiated on an as-needed basis or they can remain active all 
the time. A dial-out location must be specified in the Location Table for dial-out 
connections and a dial-in user must be specified in the User Table or RADIUS for dial- 
in connections. 

CRAP is available for dial-in or dial-out authentication. PAP is available for dial-in 
authentication, and is available for dial-out authentication if the =PAP= Send string is 
used in the V.25bis dialing script. 

The following commands have been added to configure ISDN: 

set isdn-switch ni-1|dms-100|5ess|5ess-ptp 

set Port spid Number 

set Port directory Nuinber 

See "Configuring ISDN" for more information on the ISDN commands. 

Any 64K ISDN B-channel port can be used as a dial-out ISDN modem. A user can 
telnet to a ISDN port and then execute a Hayes AT dialing command to connect to a 
remote ISDN PortMaster, PortMaster ISDN Office Router, or external ISDN modem. 


22 


ComOS 3.3.3 





ComOS 3 . 3.3 Release Note 


The PortMaster responds to any "AT" command which is not specifically a dial 
command with an "OK". That way, attempts to set S registers, flow control, or other 
things needed by analog modems are accepted by the PortMaster but ignored. This 
allows existing configured dialer software to be used with the PortMaster ISDN port 
without any changes. 

The "AT&N56" command sets the port for 56K operation for this dialout, and the 
"AT&N64" command sets the port for 64K. The "AT&NO" command attempts to 
autodetect the available data service, either 56000 or 64000. The "AT&N55" command 
performs an outbound call using data over voice. 

A dial command can be ATDT, ATD or ATDP followed by the phone number. Phone 
numbers can have dashes commas or digits in them, ending with a carriage 
return. Since ISDN does not require pauses in dialing, commas in the phone number 
are accepted but ignored. 

Configuring ISDN 

Only three additional things need to be configured on the PortMaster to permit ISDN 
service. They are: the ISDN Switch type, a Service Profile Identifier (SPID) for each 
ISDN port, and a directory number(DN) for each ISDN port. All three can be 
configured from PMconsole 3.3 or from the command line interface. To display ISDN 
debug information on the console, use the commands: 

show isdn 

set console 

set debug isdn on 

To turn off debugging use the commands: 

set debug isdn off 
reset console 

ISDN Switch Type 

The ISDN Switch Type can be set to one of four values. Your telephone company can 
tell you which type its switch is: National ISDN-1 (NI-1), Northern Telecom DMS-100 
Custom, AT&T 5ESS Custom Multi-Point, or AT&T 5ESS Custom Point-to-Point. If they 
have a DMS-100 or 5ESS switch that uses National ISDN-1, treat that as NI-1. 

Use one of the following commands to set the switch type. The default is NI-1. If you 
change the switch type after setting a SPID on a port you must reboot the PortMaster 
for the change to take effect. 


set 

isdn-switch 

ni-1 

set 

isdn-switch 

dms-100 

set 

isdn-switch 

5ess 

set 

isdn-switch 

5ess-ptp 


PMconsole 3.3 does not support the 5ess-ptp switch type, so if you are using 5ESS 
Point-to-Point you must set the switch type from the command line. 
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SPID 

The Service Profile Identifier (SPID) is a number up to 20 digits long set for each port, 
which identifies the port to the telephone company. The telephone company can 
provide you with the SPIDs for each line. If the spid is invalid, "set debug isdn 
on" can reveal that. An example command is: 

set slO spid 1510555121200 

Directory, Number 

If you set the Directory Number, then an incoming call must match this number to 
determine which port the call is taken on. It is a 10-digit phone number provided by 
the telephone company. Either of the following commands are accepted: 

set slO dn 5105551111 

set slO directory 5105551111 

Other port configuration 

ISDN ports are simpler to configure than asynchronous ports. You never set modem 
control (carrier detect), flow control or speed on an ISDN port. The PortMaster senses 
the speed and sets the port to 64000 or 56000 accordingly, flow control isn't needed on 
a synchronous line since clock is provided by the telephone company, and carrier 
detect is always used. Refer to the Communications Server Hardware Installation Guide for 
information on ISDN LED activity. 

The ports support both sync and async PPP (V.120). The show port command 
displays 64000/async if async PPP is in use. The port can be configured for anything 
an async port can be configured for, except that network hardwired is not supported. 

When using the ISDN port for network dial-out, the dial-out location should use a 
V.25bis script and authenticate using CHAP, but PAP is also available. 

Here is a table for what show port displays according to port status: 


Port Status 

Modem Status 


Description 

NO-SERVICE 

DCD- 

CTS- 

TELCO- 

NTl- 

No SPID set 

NO-SERVICE 

DCD- 

CTS- 

TELCO- 

NT1+ 

No cable or no circuit to 

Telephone Company 

NO-SERVICE 

DCD- 

CTS+ 

TELCO+ 

NT1+ 

Cable and ISDN circuit OK but 
SPID not registered 

IDLE 

DCD- 

CTS+ 

TELCO+ 

NT1+ 

SPID registered and ready to use 

ESTABLISHED 

DCD- 

CTS+ 

TELCO+ 

NT1+ 

Connecting or providing device 
service but no carrier sensed 

ESTABLISHED 

DCD+ 

CTS+ 

TELCO+ 

NT1 + 

Connected 

ESTABLISHED 

DCD+ 

CTS- 

TELCO+ 

NT1+ 

Connected with V.120 async but 
flow controlled by other end 
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New RADIUS Attributes 

To use the new RADIUS attributes with RADIUS 1.16, upgrade your PortMaster to 
ComOS 3.3.1 as described below, add the following lines to your 
/etc/raddb/dictionary file, kill your radiusd daemon and restart it. 


ATTRIBUTE 

Session-Timeout 

27 

integer 

ATTRIBUTE 

Idle-Timeout 

28 

integer 

ATTRIBUTE 

Called-Station-Id 

30 

string 

ATTRIBUTE 

Calling-Station-Id 

31 

string 

ATTRIBUTE 

Acct-Input-Octets 

42 

integer 

ATTRIBUTE 

Acct-Output-Octets 

43 

integer 

ATTRIBUTE 

NAS-Port-Type 

61 

integer 

ATTRIBUTE 

Port-Limit 

62 

integer 

VALUE 

NAS-Port-Type 

Async 

0 

VALUE 

NAS-Port-Type 

Sync 

1 

VALUE 

NAS-Port-Type 

ISDN 

2 

VALUE 

NAS-Port-Type 

ISDN-VI20 

3 

VALUE 

NAS-Port-Type 

ISDN-VI10 

4 


Idle-Timeout is expressed in seconds but is rounded to a minute boundary, and can be 
any value from 120 (2 minutes) to 14400 (4 hours). Session-Timeout is expressed in 
seconds but is rounded to a minute, and can be up to a year long. Note that Port-Limit 
only works with certain types of users; see the New Features section above for 
restrictions. 

Here is an example /etc/raddb/users entry for a network user that is authenticated 
using a login script or PAP using her password from the UNIX /etc/passwd file, and 
uses PPP with an address assigned from the PortMaster's dynamic address assignment 
pool. She is only allowed to connect once concurrently per PortMaster. After 10 
minutes (600 seconds) of idle time without any traffic she is disconnected. After 2 
hours (7200 seconds) elapsed time she is disconnected regardless of what she's doing. 
# 

# Example PPP user, address Assigned by PortMaster 

# 

pam Password = "UNIX" 

User-Service-Type = Framed-User, 

Framed-Protocol = PPP, 

Framed-Address = 255.255.255.254, 

Framed-MTU = 1500, 

Idle-Timeout = 600, 

Session-Timeout = 7200, 

Port-Limit = 1 
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Memory Requirements 
3.3.2 and 3.3.3 

If you are installing a MOD-IOI-U or MOD-IOI-ST expansion card into a PM-2E-20 you 
should first install four megabytes of memory. This is the only hardware configuration 
that requires additional memory in ComOS 3.3.2 or 3.3.3. For instructions on 
upgrading the memory see the Communications Server Hardware Installation Guide. 

3.3 and 3.3.1 

Release 3.3 and 3.3.1 function on all existing PortMasters in about the same memory as 
release 3.1.4. Memory considerations are only required when adding ISDN modules to 
the PM-2E chassis. 


Model 

Async 

Sync 

ISDN 

Base Memory 

PM-2E-10 +1 ISDN 

10 

0 

10 

850K 

PM-2E-10 + 2 ISDN 

10 

0 

20 

900K 

PM-2E-20 +1 ISDN 

20 

0 

10 

925K 

PM-2ER-10 +1 ISDN 

10 

1 

10 

875K 

PM-2ER-10 + 2 ISDN 

10 

1 

20 

925K 

PM-2ER-20 +1 ISDN 

20 

1 

10 

950K 


If SNMP is used an additional 50K is used. If IPX is used an additional 20K is used. 

In addition to the base and module memory required, memory is used to manage each 
table within the PortMaster. The most common table requiring memory is the routing 
table. 5K per 100 routes should be budgeted. With these guidelines the standard 1MB 
(1024K) should work on most configurations. If user entries are being managed on the 
PM-2ER-20 + 1 ISDN and IPX and SNMP are required, the PortMaster should be 
upgraded to 4MB (4096K). 

The PortMaster auto-detects the physical installed memory. 30-pin 70ns SIMMs are 
required, and there must be 4 SIMMs, all of them either 256K, 1MB, or 4MB. Mixing 
SIMMs is not supported. 
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Upgrade Instructions 

If you are upgrading from ComOS 2.3 or 2.4 to 3.3.3, you must first upgrade to ComOS 
3.0.4, reboot, then upgrade to 3.3.3. 

If you have any port speeds set to 115200, upgrade to ComOS release 3.3.3. and 
downgrade to any release before 3.3.2 you must set the port speeds again after 
downgrading. 

WARNING! YOU MUST USE PMINSTALL VERSION 3.3.1 OR LATER TO 
PERFORM THIS UPGRADE! If you are upgrading using PMconsole™ for Windows, 
you must use PMconsole for Windows version 1.1 or later. 

The 3.3.3 upgrade image is available for the PortMaster 2, 2E, 2ER, and 2R at 
ftp: //ftp.livingston.com/pub/le/upgrades/pm2_3.3.3 and for the 
PortMaster 25 at ftp: //ftp.livingston.com/pub/le/upgrades/pm25_3.3.3. 

ComOS 3.3.3 uses the same RADIUS dictionary file as ComOS 3.3.2. The dictionary file 
is available at ftp://ftp.livingston.com/pub/le/radius/dictionary. 

The installation software can be FTPed from 

f tp://f tp.1ivings ton.com/pub/le/so ftware /sys tern /tarfi 1e . 
umask 22 

mkdir /usr/portmaster 
cd /usr/portmaster 
tar xvf tarfile 
./pminstall 

To upgrade a PM-2, PM-2E, PM-2ER, or PM-2R to ComOS 3.3.3, run pminstall and 
choose the Upgrade PortMaster option, choose pm2_3.3.3 from the menu of upgrade 
choices, enter your PortMaster's hostname or IP address, and enter your PortMaster's 
administrative password, pminstall upgrades your PortMaster to ComOS 3.3.3. 

To upgrade a PM-25 follow the above instructions except choose pm25_3.3.3 from 
the menu of upgrade choices instead of pm2_3.3.3. 

The upgrade does not affect your stored configuration in the PortMaster. If you would 
like to backup your PortMaster configuration before upgrading, run pmreadconf: 

cd /usr/portmaster 

./pmreadconf pmname pmpassword data/pmname .conf 
chmod 600 data/pmname.conf 


Upgrade Instructions 
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ComOS 3.3.3 Release Note 


Copyright and Trademarks 

© 1996 Livingston Enterprises, Inc. All rights reserved. 

The product names "ChoiceNet," "ComOS/' "IRX," "PortMaster," "PMconsole," "RADIUS," and "True Digital" 
are trademarks belonging to Livingston Enterprises, Inc. 

All brand product names mentioned in this document are trademarks or registered trademarks of their respective 
manufacturers. 

Notices 

Livingston Enterprises, Inc. makes no representations or warranties with respect to the contents or use of this 
manual, and specifically disclaims any express or implied warranties of merchantability or fitness for any 
particular purpose. Further, Livingston Enterprises, Inc. reserves the right to revise this publication and to make 
changes to its content, any time, without obligation to notify any person or entity of such revisions or changes. 

Contacting Livingston Technical Support 

Every Livingston PortMaster or IRX™ product comes with free lifetime software technical support and a one year 
hardware warranty. Livingston Enterprises provides free technical support via voice, FAX, and electronic mail. 
Technical support is available Monday through Friday 6am-5pm Pacific Time (GMT-8). 

To contact Livingston technical support by voice, dial 1-800-458-9966 within the US or 1-510-426-0770 outside the 
US, by FAX, dial 1-510-426-8951, by electronic mail, send mail to support@livingston.com, and through the World 
Wide Web at http://www.livingston.com/. 
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